TheTechGuide Forums

=> Tech Clinic => Topic started by: jcurrieirocz on February 08, 2014, 10:05:02 AM

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 08, 2014, 10:05:02 AM

recently this week I have an issue where Ive restarted my laptop and right away 1\" of the right side of my screen is not being used and a smaller portion on the bottom of the screen is hidden below. Horizonanaly it srunk and verticaly it got longer. Its like this before the windows screen and know matter what resolution change i make its still incorrect. Eventally after some other restarts it will be back to normal all over again. Im guessing its spyware or something worse. please help. Its happened twice now and just before it happened this time i lost alot of computer speed and download speed was cut in half. I tryed updateing my graphics driver and nothing,,, theres no toshibia updates or windows updates. Im running windows 7 on a Satellite L500-02H PSLS0C-02H012

Title: New graphics issue? computer acting wierd...
Post by: guestolo on February 09, 2014, 10:06:08 AM

sorry for the delay, can you do the following please:

Download [color=\"#FF0000\"]OTL.exe[/color] (http://\"http://oldtimer.geekstogo.com/OTL.exe\")[/url] by OldTimer to your Desktop.

• Close all windows and right click on OTL.exe and choose to \"Run as Administrator\"
  
• Click Run Scan and let the program run uninterrupted.
  
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
  
  

 

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 10, 2014, 12:32:41 PM

OTL logfile created on: 10/02/2014 8:35:33 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\JC\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

3.84 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.72% Memory free

7.68 Gb Paging File | 6.09 Gb Available in Paging File | 79.26% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 116.28 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

 

Computer Name: JC-PC | User Name: JC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/02/10 08:34:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\JC\\Desktop\\OTL.exe

PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/11/14 20:48:30 | 001,861,968 | ---- | M] () -- C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe

PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe

PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe

PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe

PRC - [2013/05/23 14:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe

PRC - [2013/05/23 14:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/01/09 22:23:22 | 000,223,232 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Serv759bfb78#\\3bc7ec22c021d74dce4f8230f3631fca\\System.ServiceProcess.ni.dll

MOD - [2014/01/09 22:23:09 | 001,889,792 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xaml\\639f444db9491d25b5d158531e1f7d9b\\System.Xaml.ni.dll

MOD - [2014/01/09 22:23:07 | 000,802,816 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\034c34ee777c7a2efc9c631b1179211c\\System.Runtime.Remoting.ni.dll

MOD - [2014/01/09 22:22:52 | 018,813,440 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\a2eb039301af47660eebc7566ce02b9c\\PresentationFramework.ni.dll

MOD - [2014/01/09 22:22:40 | 007,662,080 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\d91f3556f8011a5d48e1448e3fa8df9e\\System.Xml.ni.dll

MOD - [2014/01/09 22:22:35 | 011,025,920 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\b9fe579783a35b57dd7e69375f35e239\\PresentationCore.ni.dll

MOD - [2014/01/09 22:22:35 | 000,976,384 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1f56d5786274992934de0c900431c447\\System.Configuration.ni.dll

MOD - [2014/01/09 22:22:32 | 006,990,336 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\4e69f1e7d86d79012db2d7e0dadc8880\\System.Core.ni.dll

MOD - [2014/01/09 22:22:26 | 003,950,080 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\ef90aeb894485d14b249d102309b6df3\\WindowsBase.ni.dll

MOD - [2014/01/09 22:22:22 | 010,060,800 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\79f6324a598a7c4446a4a1168be7c4b1\\System.ni.dll

MOD - [2014/01/09 22:22:15 | 016,953,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\045c9588954c3662d542b53f4462268b\\mscorlib.ni.dll

MOD - [2013/11/14 20:49:56 | 000,100,688 | ---- | M] () -- C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdateCheck.dll

MOD - [2013/11/14 20:48:30 | 001,861,968 | ---- | M] () -- C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/11/26 05:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\SysNative\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/02/23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\\Program Files\\TOSHIBA\\TPHM\\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\\Program Files\\TOSHIBA\\Power Saver\\TosCoSrv.exe -- (TosCoSrv)

SRV - [2014/02/05 11:16:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/20 09:06:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe -- (avgwd)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgdiska.sys -- (Avgdiska)

DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2013/06/20 20:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2013/06/20 20:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/20 09:07:08 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/08/27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/07/20 16:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: \"http://ca.msn.com/\"

FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1

FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

FF - prefs.js..keyword.URL: \"\"

 

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_12_0_0_43.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~3\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_12_0_0_44.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@divx.com/DivX VOD Helper,version=1.0.0: C:\\Program Files (x86)\\DivX\\DivX OVS Helper\\npovshelper.dll (DivX, LLC.)

FF - HKLM\\Software\\MozillaPlugins\\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\\Program Files (x86)\\DivX\\DivX Web Player\\npdivx32.dll (DivX, LLC)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.51.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.51.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~4\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~4\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=16.4.3508.0205: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.0.8: C:\\Program Files (x86)\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2014/01/15 17:35:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2014/01/15 17:35:32 | 000,000,000 | ---D | M]

 

[2013/07/19 21:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Extensions

[2014/01/16 19:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions

[2013/08/15 22:17:22 | 000,128,676 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\[email protected]

[2013/10/28 16:52:00 | 000,011,510 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\[email protected]

[2013/10/28 16:52:00 | 000,021,093 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2014/01/16 19:19:51 | 000,940,775 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/11/19 11:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions

[2013/12/20 09:06:45 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O2 - BHO: (Lightning Savings) - {11111111-1111-1111-1111-110311701104} - C:\\Program Files (x86)\\Lightning Savings\\Lightning Savings-bho.dll File not found

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\\..\\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O4:64bit: - HKLM..\\Run: [00TCrdMain] C:\\Program Files\\TOSHIBA\\FlashCards\\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [HotKeysCmds] C:\\Windows\\SysNative\\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [HSON] C:\\Program Files\\TOSHIBA\\TBS\\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [SmoothView] C:\\Program Files\\TOSHIBA\\SmoothView\\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [TosWaitSrv] C:\\Program Files\\TOSHIBA\\TPHM\\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [TPwrMain] C:\\Program Files\\TOSHIBA\\Power Saver\\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\\Run: [AVG_UI] C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [DivXMediaServer] C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe (DivX, LLC)

O4 - HKLM..\\Run: [DivXUpdate] C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe ()

O4 - HKLM..\\Run: [KiesTrayAgent] C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\\Run: [ToshibaServiceStation] C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\\Run: [AVG-Secure-Search-Update_0214c] C:\\Users\\JC\\AppData\\Roaming\\AVG 0214c Campaign\\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3d36cfad21ae47d3ac4ad16f64d72b2d-0bce24661d296fd33ca722b7840714b550f4dabf /CMPID=0214c File not found

O4 - HKCU..\\Run: [AVG-Secure-Search-Update_1113a] C:\\Users\\JC\\AppData\\Roaming\\AVG 1113a Campaign\\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=3d36cfad21ae47d3ac4ad16f64d72b2d-0bce24661d296fd33ca722b7840714b550f4dabf /CMPID=1113a File not found

O4 - HKCU..\\Run: [KiesAirMessage] C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup File not found

O4 - HKCU..\\Run: [KiesPreload] C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe (Samsung)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{93FA396F-A4DC-4D34-91C8-DE334BF6D81D}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18:64bit: - Protocol\\Handler\\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlpg - No CLSID value found

O18 - Protocol\\Handler\\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell\\AutoRun\\command - \"\" = D:\\SETUP.EXE

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell\\configure\\command - \"\" = D:\\SETUP.EXE

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell\\install\\command - \"\" = D:\\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/02/10 08:33:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\JC\\Desktop\\OTL.exe

[2014/02/04 18:35:20 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\\Windows\\SysWow64\\CSVer.dll

[2014/02/04 18:32:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SystemRequirementsLab

[2014/02/04 18:32:16 | 000,000,000 | ---D | C] -- C:\\Users\\JC\\AppData\\Roaming\\SystemRequirementsLab

[2014/02/04 17:51:06 | 000,000,000 | ---D | C] -- C:\\Windows\\SysWow64\\x64

[2014/02/04 17:51:06 | 000,000,000 | ---D | C] -- C:\\Windows\\SysWow64\\Lang

[2014/02/04 17:51:05 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\\Windows\\SysWow64\\igxpun.exe

[2014/02/04 11:12:52 | 000,000,000 | --SD | C] -- C:\\Users\\JC\\Documents\\My Data Sources

[2014/02/04 10:22:39 | 000,000,000 | ---D | C] -- C:\\Users\\JC\\Documents\\Excel Activator

[2014/02/04 10:19:16 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office

[2014/02/04 10:18:57 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Synchronization Services

[2014/02/04 10:18:55 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\DESIGNER

[2014/02/04 10:18:23 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft SQL Server Compact Edition

[2014/02/04 10:16:53 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Analysis Services

[2014/02/04 10:16:53 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Microsoft Analysis Services

[2014/02/04 10:16:41 | 000,000,000 | ---D | C] -- C:\\Users\\JC\\AppData\\Local\\Microsoft Help

[2014/02/04 10:16:40 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Microsoft Office

[2014/02/04 10:16:38 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Office

[2014/02/04 10:16:38 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft Help

[2014/02/04 10:16:23 | 000,000,000 | RH-D | C] -- C:\\MSOCache

[2014/01/21 21:09:27 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2014/01/21 21:09:20 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2014/01/21 21:09:20 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2014/01/21 21:09:20 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2014/01/15 22:36:02 | 000,000,000 | ---D | C] -- C:\\Windows\\Minidump

[2014/01/15 08:46:41 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\usbport.sys

[2014/01/15 08:46:41 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\usbd.sys

[2014/01/15 08:46:38 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\netio.sys

 

========== Files - Modified Within 30 Days ==========

 

[2014/02/10 08:34:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\JC\\Desktop\\OTL.exe

[2014/02/10 08:31:48 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/02/10 00:16:00 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/02/09 16:13:17 | 000,001,798 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Vuze.lnk

[2014/02/09 16:13:17 | 000,001,798 | ---- | M] () -- C:\\Users\\JC\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Vuze.lnk

[2014/02/09 09:56:52 | 000,781,618 | ---- | M] () -- C:\\Windows\\SysNative\\PerfStringBackup.INI

[2014/02/09 09:56:52 | 000,666,680 | ---- | M] () -- C:\\Windows\\SysNative\\perfh009.dat

[2014/02/09 09:56:52 | 000,126,324 | ---- | M] () -- C:\\Windows\\SysNative\\perfc009.dat

[2014/02/08 13:19:04 | 000,028,352 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/02/08 13:19:04 | 000,028,352 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/02/08 13:11:40 | 3092,938,752 | -HS- | M] () -- C:\\hiberfil.sys

[2014/02/05 11:16:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\FlashPlayerApp.exe

[2014/02/05 11:16:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\FlashPlayerCPLApp.cpl

[2014/02/04 17:54:25 | 000,015,190 | ---- | M] () -- C:\\Windows\\SysNative\\results.xml

[2014/02/04 17:33:24 | 000,291,152 | ---- | M] () -- C:\\Windows\\SysNative\\FNTCACHE.DAT

[2014/02/04 09:44:58 | 000,002,835 | ---- | M] () -- C:\\Users\\JC\\Documents\\Budget as of Jan 2014.rtf

[2014/02/04 09:44:58 | 000,002,835 | ---- | M] () -- C:\\Users\\JC\\Desktop\\Budget as of Jan 2014.rtf

[2014/01/24 09:39:43 | 000,000,332 | ---- | M] () -- C:\\Users\\JC\\Desktop\\new cds.rtf

[2014/01/15 22:35:59 | 443,984,828 | ---- | M] () -- C:\\Windows\\MEMORY.DMP

 

========== Files Created - No Company Name ==========

 

[2014/02/04 17:54:25 | 000,015,190 | ---- | C] () -- C:\\Windows\\SysNative\\results.xml

[2014/01/15 22:35:59 | 443,984,828 | ---- | C] () -- C:\\Windows\\MEMORY.DMP

[2014/01/09 22:19:43 | 000,762,252 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI

[2013/05/22 19:43:52 | 000,030,568 | ---- | C] () -- C:\\Windows\\MusiccityDownload.exe

[2013/05/22 19:43:48 | 000,974,848 | ---- | C] () -- C:\\Windows\\SysWow64\\cis-2.4.dll

[2013/05/22 19:43:48 | 000,081,920 | ---- | C] () -- C:\\Windows\\SysWow64\\issacapi_bs-2.3.dll

[2013/05/22 19:43:48 | 000,065,536 | ---- | C] () -- C:\\Windows\\SysWow64\\issacapi_pe-2.3.dll

[2013/05/22 19:43:48 | 000,057,344 | ---- | C] () -- C:\\Windows\\SysWow64\\issacapi_se-2.3.dll

 

========== ZeroAccess Check ==========

 

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]


< End of report >

 

 

 

OTL Extras logfile created on: 10/02/2014 8:35:33 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\JC\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

3.84 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.72% Memory free

7.68 Gb Paging File | 6.09 Gb Available in Paging File | 79.26% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 116.28 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

 

Computer Name: JC-PC | User Name: JC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.html[@ = htmlfile] -- C:\\Program Files\\Internet Explorer\\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\\Windows\\SysNative\\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- C:\\Windows\\SysWow64\\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\\Program Files\\Internet Explorer\\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\\SOFTWARE\\Classes\\<extension>]

.html [@ = FirefoxHTML] -- C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [opennew] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

http [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

https [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

InternetShortcut [open] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\ieframe.dll\",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\mshtml.dll\",PrintHTML \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- \"C:\\Program Files (x86)\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- \"C:\\Program Files (x86)\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" (VideoLAN)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Applications\\iexplore.exe [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe \"%1\",%* (Microsoft Corporation)

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [opennew] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

http [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

https [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- \"C:\\Program Files (x86)\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --playlist-enqueue \"%1\" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- \"C:\\Program Files (x86)\\VideoLAN\\VLC\\vlc.exe\" --started-from-file --no-playlist-enqueue \"%1\" (VideoLAN)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Applications\\iexplore.exe [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"cval\" = 1

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

\"VistaSp1\" = 28 4D B2 76 41 04 CA 01  [binary data]

\"AntiVirusOverride\" = 0

\"AntiSpywareOverride\" = 0

\"FirewallOverride\" = 0

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\Vol]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{0BA3FFFF-F020-4FAC-B111-77EC54688373}\" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

\"{11AD22B3-738C-4D77-917C-8A4A120CEB9A}\" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

\"{1BD15A4A-5177-458F-8865-1EA0C06EF340}\" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{237243F1-3ABC-4998-8CC4-C4735791F754}\" = lport=138 | protocol=17 | dir=in | app=system |

\"{28F3DE44-7B2D-4DB5-A41D-790D880BDCC0}\" = rport=139 | protocol=6 | dir=out | app=system |

\"{2CFA701C-07BA-4B39-A3E9-38DDD808E56C}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{2E92F9CE-DFEA-4453-995A-D28830EAB945}\" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{50681E6A-20A1-432A-A437-C41A2DF03828}\" = lport=139 | protocol=6 | dir=in | app=system |

\"{516F6FAE-43BE-4235-96EE-8FADB691EC2A}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{5F4EF54C-6A24-40C1-9260-34F0FE547100}\" = rport=137 | protocol=17 | dir=out | app=system |

\"{6EF62BA7-1157-495C-9A70-05CDE6A14C9B}\" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

\"{7CFE1605-1A1C-4116-9926-BAF701DE911D}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{82044F62-106B-43FC-8843-D8CA4FE4242B}\" = rport=10243 | protocol=6 | dir=out | app=system |

\"{86431778-C0FE-4F3A-85A8-A33D04ECB3CE}\" = lport=137 | protocol=17 | dir=in | app=system |

\"{97EA11BB-B307-4014-BA74-E96184AE2678}\" = lport=10243 | protocol=6 | dir=in | app=system |

\"{9A72AB18-3513-42AB-AFF1-C8111F2D97E0}\" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{BC318A78-0A81-48A8-9DF5-43D06F00FD1A}\" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{BE7AEDB3-2131-423E-8E1F-14D26F37C813}\" = rport=445 | protocol=6 | dir=out | app=system |

\"{C599A71B-1473-433B-A3CF-1BDD6AE451DB}\" = lport=2869 | protocol=6 | dir=in | app=system |

\"{C716B052-4F30-4BF0-9986-8BCFCFECD0AA}\" = lport=445 | protocol=6 | dir=in | app=system |

\"{E667391F-70BA-46BE-83DB-19499AF483D9}\" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{EAB36F5B-3E3D-4742-850B-B8B806C5C448}\" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\\system32\\spoolsv.exe |

\"{EC9916A3-D175-490D-9DDC-CF343B4639A7}\" = rport=138 | protocol=17 | dir=out | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{04A57A22-F169-4CE2-9CCF-36FB1A307693}\" = protocol=17 | dir=out | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{065D3FBD-73FB-4100-8876-8E96E2DA34B1}\" = protocol=58 | dir=out | [email protected],-28546 |

\"{0F8DD5C0-05C3-4096-9D88-40BBB3E9F2FF}\" = protocol=6 | dir=out | app=system |

\"{16D183ED-68D4-4108-B1D7-77B663F4E303}\" = protocol=6 | dir=out | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{17E7E3B8-3C3B-4CEE-84CF-38B548EFF6E2}\" = dir=in | app=c:\\users\\jc\\appdata\\local\\microsoft\\skydrive\\skydrive.exe |

\"{2266AA9E-5F6E-489E-BE93-B9451242ADB5}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgdiagex.exe |

\"{22EB4D6B-453E-4780-9A75-9BE975DCBDFC}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{25CC852A-A2AF-456C-8906-2BD079C5BB02}\" = dir=in | app=c:\\program files (x86)\\windows live\\contacts\\wlcomm.exe |

\"{3E1776FC-8D80-40B5-AA88-EFAA0AA3B870}\" = protocol=6 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{401799B5-3BE1-4A85-BE2A-D6E4466E8C45}\" = protocol=1 | dir=in | [email protected],-28543 |

\"{53BB459D-C169-4585-A742-093B6D99D2F3}\" = protocol=17 | dir=in | app=c:\\program files\\vuze\\azureus.exe |

\"{581AB47C-E8BC-4BBF-8F56-0C44681051FE}\" = protocol=58 | dir=in | [email protected],-28545 |

\"{5E0D697C-AF07-411A-80CB-6D25B3720F8C}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{62083F21-DCC9-414D-8ADF-693973ED9C7A}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{850B313A-FB80-4D3E-978E-8CEC322933E5}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgmfapx.exe |

\"{9FDB115B-1BE5-4172-962B-818019B2FBA5}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgmfapx.exe |

\"{A9F026E7-6F83-40F9-BB4E-E3A6DE51C0C2}\" = protocol=6 | dir=in | app=c:\\program files\\vuze\\azureus.exe |

\"{AE8C8FC0-9252-4FDF-B158-A3298F1A2DD4}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgemca.exe |

\"{BEC3FDDF-0698-4351-B1C4-DF89E0015B35}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgemca.exe |

\"{CAC024C4-30E4-4E82-BC05-536D43CBA79E}\" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\\system32\\svchost.exe |

\"{D066CB8A-AABA-41EC-9F0A-9BF4076652C3}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgnsa.exe |

\"{D4226D38-2904-4343-8C2C-1609D4DF6873}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\avg\\avg2013\\avgmfapx.exe |

\"{D8F5B880-7D05-44B0-B672-5BE19B513DE0}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgdiagex.exe |

\"{DBD08996-4D4C-4DC8-B426-9A0C371444F2}\" = protocol=17 | dir=in | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{E0361DD4-B4A0-4D2A-ABEA-82CDB804342F}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\avg\\avg2014\\avgnsa.exe |

\"{E161B68D-E906-4121-82FC-EE8CAC4903A9}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{E7EA3BFA-0846-4845-B03D-F15C037DA381}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{E9639E5D-0802-433E-841F-5FFE787DFC36}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{E9E1E519-93FA-49EC-9081-5AB9DBD6108C}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{F00BA7CD-E4C7-47F9-91AE-5CB35C345F06}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{F033ED68-86EA-464C-BDE9-0AE84FFEE762}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{F7A7DD2D-EF63-46CB-AB53-729420E5519F}\" = protocol=1 | dir=out | [email protected],-28544 |

\"{FCECFB2B-64E8-4C25-B026-32762FD257AC}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\avg\\avg2013\\avgmfapx.exe |

\"TCP Query User{99D04120-A8AE-4080-8448-F107A08D3DC2}C:\\program files\\vuze\\azureus.exe\" = protocol=6 | dir=in | app=c:\\program files\\vuze\\azureus.exe |

\"TCP Query User{F23ADFD5-06FF-47CD-97C5-708075C62FA2}C:\\program files (x86)\\java\\jre7\\bin\\javaw.exe\" = protocol=6 | dir=in | app=c:\\program files (x86)\\java\\jre7\\bin\\javaw.exe |

\"UDP Query User{7D26D706-3551-431E-B367-F5E48010AB9E}C:\\program files\\vuze\\azureus.exe\" = protocol=17 | dir=in | app=c:\\program files\\vuze\\azureus.exe |

\"UDP Query User{9C1B6A2F-5BE9-43FC-A98E-6249C1753E00}C:\\program files (x86)\\java\\jre7\\bin\\javaw.exe\" = protocol=17 | dir=in | app=c:\\program files (x86)\\java\\jre7\\bin\\javaw.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{066CFFF8-12BF-4390-A673-75F95EFF188E}\" = TOSHIBA Value Added Package

\"{21B133D6-5979-47F0-BE1C-F6A6B304693F}\" = Visual Studio 2010 x64 Redistributables

\"{34883B9C-CDFE-46F0-9C5B-935484C218C3}\" = AVG 2014

\"{5EEC477F-8E9B-4420-8829-16E7426227DB}\" = Windows Live MIME IFilter

\"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}\" = Microsoft .NET Framework 4.5.1

\"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\" = Microsoft Silverlight

\"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}\" = Visual Studio 2012 x64 Redistributables

\"{90140000-0016-0000-1000-0000000FF1CE}\" = Microsoft Office Excel 2010

\"{90140000-0016-0409-1000-0000000FF1CE}\" = Microsoft Office Excel MUI (English) 2010

\"{90140000-001F-0409-1000-0000000FF1CE}\" = Microsoft Office Proof (English) 2010

\"{90140000-001F-040C-1000-0000000FF1CE}\" = Microsoft Office Proof (French) 2010

\"{90140000-001F-0C0A-1000-0000000FF1CE}\" = Microsoft Office Proof (Spanish) 2010

\"{90140000-002C-0409-1000-0000000FF1CE}\" = Microsoft Office Proofing (English) 2010

\"{90140000-0043-0000-1000-0000000FF1CE}\" = Microsoft Office Office 32-bit Components 2010

\"{90140000-0043-0409-1000-0000000FF1CE}\" = Microsoft Office Shared 32-bit MUI (English) 2010

\"{90140000-006E-0409-1000-0000000FF1CE}\" = Microsoft Office Shared MUI (English) 2010

\"{90140000-0115-0409-1000-0000000FF1CE}\" = Microsoft Office Shared Setup Metadata MUI (English) 2010

\"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033\" = Microsoft .NET Framework 4.5.1

\"{95120000-00B9-0409-1000-0000000FF1CE}\" = Microsoft Application Error Reporting

\"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}\" = TOSHIBA PC Health Monitor

\"{CE52672C-A0E9-4450-8875-88A221D5CD50}\" = Windows Live ID Sign-in Assistant

\"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}\" = SAMSUNG USB Driver for Mobile Phones

\"{E9FA781F-3E80-4399-825A-AD3E11C28C77}\" = MSVCRT110_amd64

\"{F95BF201-C9AE-4215-883A-EC12A0D88C58}\" = AVG 2014

\"8461-7759-5462-8226\" = Vuze

\"AVG\" = AVG 2014

\"HDMI\" = Intel(R) Graphics Media Accelerator Driver

\"Office14.EXCEL\" = Microsoft Excel 2010

\"SynTPDeinstKey\" = Synaptics Pointing Device Driver

\"WinRAR archiver\" = WinRAR 4.00 (64-bit)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{03D562B5-C4E2-4846-A920-33178788BE00}\" = Windows Live Communications Platform

\"{066CFFF8-12BF-4390-A673-75F95EFF188E}\" = TOSHIBA Value Added Package

\"{0F929651-F516-4956-90F2-FFBD2CD5D30E}\" = Photo Gallery

\"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}\" = Realtek WLAN Driver

\"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}\" = Windows Live SOXE Definitions

\"{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}\" = System Requirements Lab for Intel

\"{26A24AE4-039D-4CA4-87B4-2F83217040FF}\" = Java 7 Update 51

\"{2AC01935-3774-4981-98C8-14E93C14372C}\" = Windows Live UX Platform Language Pack

\"{45898170-E68C-4F02-AA35-C2186BF347A3}\" = Movie Maker

\"{4A03706F-666A-4037-7777-5F2748764D10}\" = Java Auto Updater

\"{4B0446EF-2E04-4639-94CC-25C1666788A2}\" = Silhouette Studio

\"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}\" = Windows Live Installer

\"{5E094C92-6288-4F43-AA9A-D452D0218F3F}\" = Windows Live Essentials

\"{6389F199-1D6C-4974-9557-693F9DD48736}\" = Windows Live Writer Resources

\"{6B6923B9-8719-425B-916C-CD2908F31AAF}\" = Windows Live SOXE

\"{758C8301-2696-4855-AF45-534B1200980A}\" = Samsung Kies

\"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}\" = Windows Live Writer

\"{89870E0D-9602-41F8-9E83-14F6849346A4}\" = Windows Live Mail

\"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}\" = Photo Gallery

\"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}\" = MSVCRT

\"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}\" = MSVCRT110

\"{933B4015-4618-4716-A828-5289FC03165F}\" = VC80CRTRedist - 8.0.50727.6195

\"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}\" = Visual Studio 2012 x86 Redistributables

\"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}\" = Windows Live Writer

\"{AC6569FA-6919-442A-8552-073BE69E247A}\" = TOSHIBA Service Station

\"{AC76BA86-7AD7-1033-7B44-AB0000000001}\" = Adobe Reader XI (11.0.06)

\"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}\" = Movie Maker

\"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}\" = Windows Live Photo Common

\"{D0B44725-3666-492D-BEF6-587A14BD9BD9}\" = MSVCRT_amd64

\"{D604900F-A275-416C-AF9D-CDEDF58B72DB}\" = Windows Live Mail

\"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}\" = Photo Common

\"{E09C4DB7-630C-4F06-A631-8EA7239923AF}\" = D3DX10

\"{E3445598-4424-4EE2-B71C-C23325F7FB71}\" = Windows Live PIMT Platform

\"{EFBCA571-617D-484A-9ECA-E301BB6D0750}\" = Windows Live Writer

\"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\" = Microsoft SQL Server 2005 Compact Edition [ENU]

\"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

\"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}\" = Windows Live UX Platform

\"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}\" = Junk Mail filter update

\"AC3Filter_is1\" = AC3Filter 1.62b

\"Adobe Flash Player ActiveX\" = Adobe Flash Player 12 ActiveX

\"Adobe Flash Player Plugin\" = Adobe Flash Player 12 Plugin

\"DivX Setup\" = DivX Setup

\"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}\" = TOSHIBA Value Added Package

\"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}\" = Samsung Kies

\"Mozilla Firefox 26.0 (x86 en-US)\" = Mozilla Firefox 26.0 (x86 en-US)

\"MozillaMaintenanceService\" = Mozilla Maintenance Service

\"PS3 Media Server\" = PS3 Media Server

\"VLC media player\" = VLC media player 2.0.8

\"Windows Essentials Media Codec Pack\" = Windows Essentials Media Codec Pack 4.0 [64-Bit]

\"WinLiveSuite\" = Windows Live Essentials

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"MyFreeCodec\" = MyFreeCodec

\"SkyDriveSetup.exe\" = Microsoft SkyDrive

\"The Weather Network\" = The Weather Network

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 04/02/2014 5:34:47 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 5:45:32 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 5:54:57 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 6:08:48 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 6:38:11 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 6:56:21 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 7:00:52 PM | Computer Name = JC-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 04/02/2014 7:27:44 PM | Computer Name = JC-PC | Source = Application Error | ID = 1000

Error - 08/02/2014 10:47:53 AM | Computer Name = JC-PC | Source = WinMgmt | ID =

 10

 

Description =

Error - 08/02/2014 11:10:15 AM | Computer Name = JC-PC | Source = WinMgmt | ID =

 10

 

Description =

Error - 08/02/2014 1:13:16 PM | Computer Name = JC-PC | Source = WinMgmt | ID =

10

 

Description =

 

Error encountered while reading event logs.

 

< End of report >

 

Title: New graphics issue? computer acting wierd...
Post by: guestolo on February 10, 2014, 02:07:57 PM

I can\'t see any adware that can be causing the black bar problem.... But I do see adware we should try and remove

Let\'s see how things are afterwards

 

Do the following:
-AdwCleaner-


Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.


• Double click on AdwCleaner.exe to run the tool.


• Click the Scan button and wait for the process to complete.


• Click on the Clean button follow the prompts.


• A log file will automatically open after the scan has finished and the PC has rebooted.


• Please post the content of that log file with your next answer.


• You can also find the log file at C:\\AdwCleaner

-Junkware-Removal-Tool-

• Please download Junkware Removal Tool to your desktop.


• Shut down your protection software now to avoid potential conflicts.


• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select \"Run as Administrator\".


• The tool will open and start scanning your system.


• Please be patient as this can take a while to complete depending on your system\'s specifications.


• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.


• Post the contents of JRT.txt into your next message.

In addition:

Right click on OTL.exe again and choose to \"Run as Administrator\"

Run another scan, only one log will be created this time named Otl.txt

Can you post it\'s contents please

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 10, 2014, 03:35:38 PM

# AdwCleaner v3.018 - Report created 10/02/2014 at 16:10:59

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : JC - JC-PC

# Running from : C:\\Users\\JC\\Desktop\\adwcleaner.exe

# Option : Clean


***** [ Services ] *****



***** [ Files / Folders ] *****


Folder Deleted : C:\\ProgramData\\AVG Security Toolbar

Folder Deleted : C:\\ProgramData\\Tarma Installer

Folder Deleted : C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\myfree codec

Folder Deleted : C:\\Program Files (x86)\\myfree codec

Folder Deleted : C:\\Users\\JC\\AppData\\Local\\SwvUpdater

File Deleted : C:\\END

File Deleted : C:\\Users\\JC\\AppData\\Local\\Temp\\Uninstall.exe

File Deleted : C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\user.js


***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\ScriptHelper.EXE

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\secman.DLL

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\QuickShare_RASAPI32

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\QuickShare_RASMANCS

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0037004.BHO

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0037004.BHO.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0037004.Sandbox

Key Deleted : HKLM\\SOFTWARE\\Classes\\CrossriderApp0037004.Sandbox.1

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\\SOFTWARE\\Classes\\AppID\\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{FD501041-8EBE-11CE-8183-00AA00577DA2}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{11111111-1111-1111-1111-110311701104}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{55555555-5555-5555-5555-550355705504}

Key Deleted : HKLM\\SOFTWARE\\Classes\\Interface\\{66666666-6666-6666-6666-660366706604}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\\SOFTWARE\\Classes\\TypeLib\\{44444444-4444-4444-4444-440344704404}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{11111111-1111-1111-1111-110311701104}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{11111111-1111-1111-1111-110311701104}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{11111111-1111-1111-1111-110311701104}

Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\CLSID\\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\Interface\\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\Interface\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\Interface\\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\Interface\\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\Interface\\{55555555-5555-5555-5555-550355705504}

Key Deleted : [x64] HKLM\\SOFTWARE\\Classes\\Interface\\{66666666-6666-6666-6666-660366706604}

Value Deleted : [x64] HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : HKCU\\Software\\AVG Secure Search

Key Deleted : HKCU\\Software\\Conduit

Key Deleted : HKCU\\Software\\Cr_Installer

Key Deleted : HKCU\\Software\\InstallCore

Key Deleted : HKCU\\Software\\Myfree Codec

Key Deleted : HKCU\\Software\\smartbar

Key Deleted : HKCU\\Software\\UpdateStar

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\Crossrider

Key Deleted : HKLM\\Software\\Myfree Codec

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MyFreeCodec

Key Deleted : [x64] HKLM\\SOFTWARE\\Tarma Installer


***** [ Browsers ] *****


-\\\\ Internet Explorer v11.0.9600.16428



-\\\\ Mozilla Firefox v26.0 (en-US)


[ File : C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\prefs.js ]



*************************


AdwCleaner[R0].txt - [5970 octets] - [10/02/2014 16:07:15]

AdwCleaner[S0].txt - [5602 octets] - [10/02/2014 16:10:59]


########## EOF - C:\\AdwCleaner\\AdwCleaner[S0].txt - [5662 octets] ##########

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 7 Home Premium x64

Ran by JC on 10/02/2014 at 16:14:28.97

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~ Services




~~~ Registry Values




~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\CLSID\\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\CLSID\\{22222222-2222-2222-2222-220322702204}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{22222222-2222-2222-2222-220322702204}




~~~ Files




~~~ Folders




~~~ FireFox


Emptied folder: C:\\Users\\JC\\AppData\\Roaming\\mozilla\\firefox\\profiles\\qsei7pda.default\\minidumps [34 files]




~~~ Event Viewer Logs were cleared






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 10/02/2014 at 16:21:39.66

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

OTL logfile created on: 10/02/2014 4:24:56 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\JC\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

3.84 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 70.33% Memory free

7.68 Gb Paging File | 6.42 Gb Available in Paging File | 83.57% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 122.73 Gb Free Space | 13.18% Space Free | Partition Type: NTFS

 

Computer Name: JC-PC | User Name: JC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/02/10 08:34:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\JC\\Desktop\\OTL.exe

PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/11/14 20:48:30 | 001,861,968 | ---- | M] () -- C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe

PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe

PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe

PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe

PRC - [2013/05/23 14:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe

PRC - [2013/05/23 14:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/01/09 22:23:22 | 000,223,232 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Serv759bfb78#\\3bc7ec22c021d74dce4f8230f3631fca\\System.ServiceProcess.ni.dll

MOD - [2014/01/09 22:23:09 | 001,889,792 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xaml\\639f444db9491d25b5d158531e1f7d9b\\System.Xaml.ni.dll

MOD - [2014/01/09 22:23:07 | 000,802,816 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\034c34ee777c7a2efc9c631b1179211c\\System.Runtime.Remoting.ni.dll

MOD - [2014/01/09 22:22:52 | 018,813,440 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\a2eb039301af47660eebc7566ce02b9c\\PresentationFramework.ni.dll

MOD - [2014/01/09 22:22:40 | 007,662,080 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\d91f3556f8011a5d48e1448e3fa8df9e\\System.Xml.ni.dll

MOD - [2014/01/09 22:22:35 | 011,025,920 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\b9fe579783a35b57dd7e69375f35e239\\PresentationCore.ni.dll

MOD - [2014/01/09 22:22:35 | 000,976,384 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1f56d5786274992934de0c900431c447\\System.Configuration.ni.dll

MOD - [2014/01/09 22:22:32 | 006,990,336 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\4e69f1e7d86d79012db2d7e0dadc8880\\System.Core.ni.dll

MOD - [2014/01/09 22:22:26 | 003,950,080 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\ef90aeb894485d14b249d102309b6df3\\WindowsBase.ni.dll

MOD - [2014/01/09 22:22:22 | 010,060,800 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\79f6324a598a7c4446a4a1168be7c4b1\\System.ni.dll

MOD - [2014/01/09 22:22:15 | 016,953,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\045c9588954c3662d542b53f4462268b\\mscorlib.ni.dll

MOD - [2013/11/14 20:49:56 | 000,100,688 | ---- | M] () -- C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdateCheck.dll

MOD - [2013/11/14 20:48:30 | 001,861,968 | ---- | M] () -- C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/11/26 05:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\SysNative\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/02/23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\\Program Files\\TOSHIBA\\TPHM\\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009/11/05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\\Program Files\\TOSHIBA\\Power Saver\\TosCoSrv.exe -- (TosCoSrv)

SRV - [2014/02/05 11:16:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/20 09:06:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgwdsvc.exe -- (avgwd)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgdiska.sys -- (Avgdiska)

DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2013/06/20 20:07:52 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2013/06/20 20:07:52 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/20 09:07:08 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/08/27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/07/20 16:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\..\\SearchScopes,DefaultScope =

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\\..\\SearchScopes,DefaultScope =

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: \"http://ca.msn.com/\"

FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1

FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

FF - prefs.js..keyword.URL: \"\"

FF - user.js - File not found

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_12_0_0_43.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~3\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_12_0_0_44.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@divx.com/DivX VOD Helper,version=1.0.0: C:\\Program Files (x86)\\DivX\\DivX OVS Helper\\npovshelper.dll (DivX, LLC.)

FF - HKLM\\Software\\MozillaPlugins\\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\\Program Files (x86)\\DivX\\DivX Web Player\\npdivx32.dll (DivX, LLC)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.51.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.51.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~4\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~4\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=16.4.3508.0205: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=2.0.8: C:\\Program Files (x86)\\VideoLAN\\VLC\\npvlc.dll (VideoLAN)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2014/01/15 17:35:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2014/01/15 17:35:32 | 000,000,000 | ---D | M]

 

[2013/07/19 21:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Extensions

[2014/01/16 19:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions

[2013/08/15 22:17:22 | 000,128,676 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\[email protected]

[2013/10/28 16:52:00 | 000,011,510 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\[email protected]

[2013/10/28 16:52:00 | 000,021,093 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2014/01/16 19:19:51 | 000,940,775 | ---- | M] () (No name found) -- C:\\Users\\JC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\qsei7pda.default\\extensions\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2013/11/19 11:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions

[2013/12/20 09:06:45 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\\Run: [00TCrdMain] C:\\Program Files\\TOSHIBA\\FlashCards\\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [HotKeysCmds] C:\\Windows\\SysNative\\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [HSON] C:\\Program Files\\TOSHIBA\\TBS\\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [SmoothView] C:\\Program Files\\TOSHIBA\\SmoothView\\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [TosWaitSrv] C:\\Program Files\\TOSHIBA\\TPHM\\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\\Run: [TPwrMain] C:\\Program Files\\TOSHIBA\\Power Saver\\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\\Run: [AVG_UI] C:\\Program Files (x86)\\AVG\\AVG2014\\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [DivXMediaServer] C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe (DivX, LLC)

O4 - HKLM..\\Run: [DivXUpdate] C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe ()

O4 - HKLM..\\Run: [KiesTrayAgent] C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\\Run: [ToshibaServiceStation] C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKCU..\\Run: [AVG-Secure-Search-Update_0214c] C:\\Users\\JC\\AppData\\Roaming\\AVG 0214c Campaign\\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=3d36cfad21ae47d3ac4ad16f64d72b2d-0bce24661d296fd33ca722b7840714b550f4dabf /CMPID=0214c File not found

O4 - HKCU..\\Run: [AVG-Secure-Search-Update_1113a] C:\\Users\\JC\\AppData\\Roaming\\AVG 1113a Campaign\\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=3d36cfad21ae47d3ac4ad16f64d72b2d-0bce24661d296fd33ca722b7840714b550f4dabf /CMPID=1113a File not found

O4 - HKCU..\\Run: [KiesAirMessage] C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup File not found

O4 - HKCU..\\Run: [KiesPreload] C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe (Samsung)

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{93FA396F-A4DC-4D34-91C8-DE334BF6D81D}: DhcpNameServer = 192.168.2.1 192.168.2.1

O18:64bit: - Protocol\\Handler\\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlpg - No CLSID value found

O18 - Protocol\\Handler\\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell\\AutoRun\\command - \"\" = D:\\SETUP.EXE

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell\\configure\\command - \"\" = D:\\SETUP.EXE

O33 - MountPoints2\\{b21e9637-ef4f-11e2-bd3d-806e6f6e6963}\\Shell\\install\\command - \"\" = D:\\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/02/10 16:14:27 | 000,000,000 | ---D | C] -- C:\\Windows\\ERUNT

[2014/02/10 16:00:37 | 001,037,530 | ---- | C] (Thisisu) -- C:\\Users\\JC\\Desktop\\JRT.exe

[2014/02/10 15:58:56 | 000,000,000 | ---D | C] -- C:\\AdwCleaner

[2014/02/10 08:33:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\JC\\Desktop\\OTL.exe

[2014/02/04 18:35:20 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\\Windows\\SysWow64\\CSVer.dll

[2014/02/04 18:32:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\SystemRequirementsLab

[2014/02/04 18:32:16 | 000,000,000 | ---D | C] -- C:\\Users\\JC\\AppData\\Roaming\\SystemRequirementsLab

[2014/02/04 17:51:06 | 000,000,000 | ---D | C] -- C:\\Windows\\SysWow64\\x64

[2014/02/04 17:51:06 | 000,000,000 | ---D | C] -- C:\\Windows\\SysWow64\\Lang

[2014/02/04 17:51:05 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\\Windows\\SysWow64\\igxpun.exe

[2014/02/04 11:12:52 | 000,000,000 | --SD | C] -- C:\\Users\\JC\\Documents\\My Data Sources

[2014/02/04 10:22:39 | 000,000,000 | ---D | C] -- C:\\Users\\JC\\Documents\\Excel Activator

[2014/02/04 10:19:16 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office

[2014/02/04 10:18:57 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Synchronization Services

[2014/02/04 10:18:55 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\DESIGNER

[2014/02/04 10:18:23 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft SQL Server Compact Edition

[2014/02/04 10:16:53 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Analysis Services

[2014/02/04 10:16:53 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Microsoft Analysis Services

[2014/02/04 10:16:41 | 000,000,000 | ---D | C] -- C:\\Users\\JC\\AppData\\Local\\Microsoft Help

[2014/02/04 10:16:40 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Microsoft Office

[2014/02/04 10:16:38 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Office

[2014/02/04 10:16:38 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft Help

[2014/02/04 10:16:23 | 000,000,000 | RH-D | C] -- C:\\MSOCache

[2014/01/21 21:09:27 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2014/01/21 21:09:20 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2014/01/21 21:09:20 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2014/01/21 21:09:20 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2014/01/15 22:36:02 | 000,000,000 | ---D | C] -- C:\\Windows\\Minidump

[2014/01/15 08:46:41 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\usbport.sys

[2014/01/15 08:46:41 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\usbd.sys

[2014/01/15 08:46:38 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\netio.sys

 

========== Files - Modified Within 30 Days ==========

 

[2014/02/10 16:19:41 | 000,028,352 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/02/10 16:19:41 | 000,028,352 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/02/10 16:16:00 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/02/10 16:12:25 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/02/10 16:12:21 | 3092,938,752 | -HS- | M] () -- C:\\hiberfil.sys

[2014/02/10 16:00:40 | 001,037,530 | ---- | M] (Thisisu) -- C:\\Users\\JC\\Desktop\\JRT.exe

[2014/02/10 15:58:42 | 001,166,132 | ---- | M] () -- C:\\Users\\JC\\Desktop\\adwcleaner.exe

[2014/02/10 08:34:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\JC\\Desktop\\OTL.exe

[2014/02/09 16:13:17 | 000,001,798 | ---- | M] () -- C:\\Users\\Public\\Desktop\\Vuze.lnk

[2014/02/09 16:13:17 | 000,001,798 | ---- | M] () -- C:\\Users\\JC\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Vuze.lnk

[2014/02/09 09:56:52 | 000,781,618 | ---- | M] () -- C:\\Windows\\SysNative\\PerfStringBackup.INI

[2014/02/09 09:56:52 | 000,666,680 | ---- | M] () -- C:\\Windows\\SysNative\\perfh009.dat

[2014/02/09 09:56:52 | 000,126,324 | ---- | M] () -- C:\\Windows\\SysNative\\perfc009.dat

[2014/02/05 11:16:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\FlashPlayerApp.exe

[2014/02/05 11:16:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\FlashPlayerCPLApp.cpl

[2014/02/04 17:54:25 | 000,015,190 | ---- | M] () -- C:\\Windows\\SysNative\\results.xml

[2014/02/04 17:33:24 | 000,291,152 | ---- | M] () -- C:\\Windows\\SysNative\\FNTCACHE.DAT

[2014/02/04 09:44:58 | 000,002,835 | ---- | M] () -- C:\\Users\\JC\\Documents\\Budget as of Jan 2014.rtf

[2014/02/04 09:44:58 | 000,002,835 | ---- | M] () -- C:\\Users\\JC\\Desktop\\Budget as of Jan 2014.rtf

[2014/01/24 09:39:43 | 000,000,332 | ---- | M] () -- C:\\Users\\JC\\Desktop\\new cds.rtf

[2014/01/15 22:35:59 | 443,984,828 | ---- | M] () -- C:\\Windows\\MEMORY.DMP

 

========== Files Created - No Company Name ==========

 

[2014/02/10 15:58:37 | 001,166,132 | ---- | C] () -- C:\\Users\\JC\\Desktop\\adwcleaner.exe

[2014/02/04 17:54:25 | 000,015,190 | ---- | C] () -- C:\\Windows\\SysNative\\results.xml

[2014/01/15 22:35:59 | 443,984,828 | ---- | C] () -- C:\\Windows\\MEMORY.DMP

[2014/01/09 22:19:43 | 000,762,252 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI

[2013/05/22 19:43:52 | 000,030,568 | ---- | C] () -- C:\\Windows\\MusiccityDownload.exe

[2013/05/22 19:43:48 | 000,974,848 | ---- | C] () -- C:\\Windows\\SysWow64\\cis-2.4.dll

[2013/05/22 19:43:48 | 000,081,920 | ---- | C] () -- C:\\Windows\\SysWow64\\issacapi_bs-2.3.dll

[2013/05/22 19:43:48 | 000,065,536 | ---- | C] () -- C:\\Windows\\SysWow64\\issacapi_pe-2.3.dll

[2013/05/22 19:43:48 | 000,057,344 | ---- | C] () -- C:\\Windows\\SysWow64\\issacapi_se-2.3.dll

 

========== ZeroAccess Check ==========

 

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]


< End of report >

 

Title: New graphics issue? computer acting wierd...
Post by: guestolo on February 11, 2014, 10:20:51 AM

Right click on OTL.exe and choose to \"Run as Admin\"

• Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. don\'t include the word Quote please
  

   

  
  

   

  
  

  :Commands
  

  [EmptyJava]

  
  

  [EmptyFlash]
  
  [EmptyTemp]

  
  

  
  


• Then click the Run Fix button at the top


• Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted

A log should open, can you post it please

A copy of this log can also be found in

C:\\_OTL\\Moved Files folder

 

keep me informed how things are running please

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 11, 2014, 05:45:25 PM

ok,,,well things seem to be running faster a tad,,, it wasnt really a slow computer to begin with. Im the only user and like to keep it cleaned up the best i can,,, is there any monthly or daily things i can do to keep the crap from coming back. I completely replaced the hard drive and have only been useing this for less then a yr now. so for it to have spyware on it already surprizes me.

Only thing I seen pop up there before i remember getting was the codec,,not sure if that was it or a different one,,,, it was for a AC3 sound i think. Something i thought was free of spam. But that might be unrelated to that one i seen above...not sure.

 

Basicly moveing on from here,,,, what other cleaning do you think i should do?

and what should i think about doing to fix my aspect ratio problem. A bios reload?

I dont see any updates from toshibia that i dont have... maybe ill look into the bios update. as the aspect ratio is incorrect the same during start up on the toshibia screen. But I find it very odd the issue went away then came back again a few days later,,, and its still incorrect as I type this. heres that log..

 

All processes killed

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: JC

->Java cache emptied: 10610925 bytes

 

User: Public

 

Total Java Files Cleaned = 10.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: JC

->Flash cache emptied: 81399 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: JC

->Temp folder emptied: 794666155 bytes

->Temporary Internet Files folder emptied: 218130974 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 424168391 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\\System32 .tmp files removed: 0 bytes

%systemroot%\\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\\System32\\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 409178050 bytes

%systemroot%\\sysnative\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files folder emptied: 78386116 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,835.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 02112014_175829


Files\\Folders moved on Reboot...

C:\\Users\\JC\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt moved successfully.

C:\\Users\\JC\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat moved successfully.


PendingFileRenameOperations files...


Registry entries deleted on Reboot...

 

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 12, 2014, 07:40:05 AM

im thinking spyware might be affecting my screen,,, as last night after all that i did a hard reboot,,, and turned it on this morning and my aspect ratio is fine again and all my icons are in the correct spot.

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 12, 2014, 06:57:24 PM

sorry 3rd post in a row,,, but the log you asked for is on my 3rd last reply... anyhow I found a pattern to my incorrect aspect ratio,

a hard reboot will make the screen normal.

a soft reboot  (ex. triggered by windows update or clicking the restart button) puts the computer into the incorrect ratio... and will stay like that until I do a complete shut down again.

wierd? what should I do?

Title: New graphics issue? computer acting wierd...
Post by: guestolo on February 13, 2014, 12:47:56 PM

sorry for the delay

I don\'t think it\'s spyware or virus... I was thinking a graphic card issue

But it may be software related

 

Does it always come back as good aspect ratio if you shut down computer... Wait 10 seconds and then startup?

Does it come back bad aspect ratio every time you just restart the computer?\\

 

When you\'re at improper ratio, is the resolution set different?

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 14, 2014, 11:14:50 AM

ok so after all day yesterday it was correct, this morning avg updated again and wanted to restart so i did, which restarted it and I was back to the messed up screen,,, so powered it down,,, waited more then 10sec and powered on and it didnt fix.

It seems like it might need to be left off longer then 10sec,,, maybe 5mins?

I keep trying...

 

Currently the aspect ratio says is at 1280x800 right now with a messed up screen, with the full screen no border option turned on. Also all of my desktop icons are to one side (incorrect position) but If I do a screen capture )(ctrl alt print screen) my windows bottom bar is showing in the picture.

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 14, 2014, 11:42:22 AM

....................ok yup left it off longer then 10mins this time unplugged from ac and after start up it came up normal again:

Currently the aspect ratio says is at 1366x768 right now, with the full screen no border option turned on. Also all of my desktop icons are back to normal (correct position)

Title: New graphics issue? computer acting wierd...
Post by: guestolo on February 14, 2014, 09:44:01 PM

Can you try a clean boot of Windows 7 and see if your resolution changes

See if you can restart a few times with it remaining correct if it\'s ok

 

Link will explain how to perform a clean boot

http://support.microsoft.com/kb/929135

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on February 16, 2014, 08:59:01 PM

yes,,, did 2 clean boots in a row and still came up the incorrect ratio,,,, so i did a various reboots/shutdowns/plugged in/un plugged/shut cover/pulled battery..... 20 all together.... etc... and no real pattern emerged other then 99% of reboots (computer or user generated) will create a incorrect ratio and 99% of all full shutdown and 10 sec wait or more will fix the issue. For that 1% that didnt work a batt removal during shut down always gets the correct ratio.

but get this so I tryed to clean boot again and it was fine? then i tried unplugged clean boot... and it was fine.

then again tryed a reg restart with the start menu option and again back to wrong ratio. so i hard re-booted it back to reg ratio.

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on March 16, 2014, 02:24:11 PM

had a good run there where it was fine,,, but today after a windows update it went back to incorrect ratio and no matter what do it wont go back to the proper ratio.

So im guessing your right theres some conflict with my display hardware or softwares.... could I have 2 and they are clashing?

Heres the info my divice manager says I have.... and this is what intel says:

Graphics Driver

            Product Detected
         
            Mobile Intel® 4 Series Express Chipset Family
      
            Current Driver Installed
         
            8.15.10.1883
      
            A customized computer manufacturer driver is installed on your computer. The Intel Driver Update Utility is not able to update the driver. Installing a generic Intel driver instead of the customized computer manufacturer driver may cause technical issues. Contact your computer manufacturer for the latest driver for your computer.
      

 

..... this is the last driver toshibia lists for my computer

            11/2/2009
         
            Intel Display Driver
         
            Intel
         
            Windows 7 64bit
         
            8.15.10.1883
      

Title: New graphics issue? computer acting wierd...
Post by: jcurrieirocz on April 01, 2014, 01:41:03 PM

Yep issue is back today,,, ordered a new computer. screw this. Toshiba Canada has no forums and usa guys wont even give it a try. Its also out of warrantee so Toshiba here wont help and it has old drivers with no new updated ones.

Screw them and there OEM third party drivers! Never buy a Toshiba again. thx Guestsolo anyhow... wanna buy a computer lol